From: "Shadow" <Sh@dow>
| On Wed, 29 Jul 2009 23:45:33 -0700 (PDT), Greegor
| <(E-Mail Removed)> wrote:
>>S > Avast still identifies my Clamav on-demand
>>S > scanner as a dangerous trojan ...
>>That's a common result when somebody insists on
>>multiple av software in one machine.
| I also scan from linux using f-prot. Wow.
| I also have superantispyware, spybot and ad-aware, (which I
| consider a useless piece of S&^%&^% but can't be bothered to uninstall).
| All as on-demand. So call me a nutcase.
>>Did you even actually send the notice to alwil? (avast)
>>Got a copy of the sent message header
>>showing where you actually sent it?
| Yes, sure. The virus was sent via the avast "send suspected
| virus" option. I sent it twice, since the first time nothing happened
| vs the virus detection. I also wrote a little note on how the malware
| propagated.
| Here is how, in the avast help file :
| quote
| //
| Email to ALWIL Software. The selected file will be sent (by
| e-mail) to ALWIL Software. You should use this option in special cases
| only - e.g. if you suspect avast! of a false alarm. Do not forget to
| attach as much information as possible - the reason you are sending
| the file, the version of your virus database, etc. Doing so will
| improve the service to you - the customers.
| Any operation can be performed in three ways: select the file and
| choose the operation from the toolbar by clicking the corresponding
| icon, or select the object and choose the action from the main menu,
| or right click the file and select the action from the popup menu.
| //
| endquote
| Proof ? Here is the logfile: (an xml from the chest folder)
| <ChestEntry>
| <ChestId>00000010</ChestId>
| <FileTime>1246662994</FileTime>
| <OrigFileName>qpqdcj.exe.zip</OrigFileName>
| <OrigFolder>C:\Documents and Settings\nemesis\Desktop</OrigFolder>
| <Comment>As qpqdcj.exe on pendrives. Your antivirus did not detect it. The whole town here is full of it.</Comment>
| <Category>User</Category>
| <TransferTime>1246663232</TransferTime>
| <FileSize>434478</FileSize>
| </ChestEntry>
| A Screenshot of avast detecting clamav on-demand scanner
| update as a trojan was sent to (E-Mail Removed), since I suspected no-one
| was paying much attention to the standard virus sender.
| I did not get a reply.
| I ALSO sent the sample to AVG, (E-Mail Removed), on 5th July and
| promptly got a reply:
| Message-ID: <(E-Mail Removed)>
| In-Reply-To: <(E-Mail Removed)>
| Subject: Re: G#0904025411 - Pendrive virus. You don't detect by
| virustotal (this morning)
| MIME-Version: 1.0
| Content-Type: text/plain; charset=utf-8
| Content-Transfer-Encoding: quoted-printable
| X-Mailer: Genesys E-Mail 7.5.000.15
| Dear Sir/Madam,
| thank you for your email.
| Please let us inform you that the file attached to your previous
| e-mail was really infected. The detection will be available within one
| of the next AVG virus definitions updates.
| Thank you for your cooperation.
| Best regards,
| Tomas Roubal
| AVG Technical Support
| .........................
| BTW, I know that grisoft is not avast. AVG came out with the
| update two days after. I'm still waiting for avast.
|
| http://www.virustotal.com/analisis/113d583ebd75564c12117ccf0e2b0f20273e6610f26b0c274e7117f8c7a1e8cf-1247281853
|
| http://www.virustotal.com/analisis/af13e8a6b2aacea266e1c6899ada6fdd318e0259b63be4e9d4287200797f6f7e-1248630299
| (same virus, different names depending on where it is).
| Let's just consider the thread closed.
| []'s
Avast had a False Positive declaration of VBS:Zulu on some Microsoft web pages.
It took 2 months for Avast to correct that False Positive declaration, which is one reason
I am not an advocate of Alwil Avast.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV -
http://www.pctipp.ch/downloads/dl/35905.asp